154 matches found
WP Travel Engine <= 5.7.9 - SQL Injection
WP Travel Engine 5.7.9 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries; exploitation requires user interaction. id: CVE-2024-30502 info: name: WP Travel Engine <= 5.7.9 - SQL Injection...
CVE-2026-49770
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions...
CVE-2026-49078
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions...
CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions...
CVE-2026-49770
CVE-2026-49770 affects the WordPress WP Travel Engine plugin (
EUVD-2026-36893
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions...
CVE-2026-49770 WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions...
CVE-2026-49078
Technical details for CVE-2026-49078 are not publicly available in the provided documents. Monitor updates from Patchstack/CVE entries for affected version 6.7.10 and potential fixes.
CVE-2026-49078 WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions...
EUVD-2026-36877
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions...
CVE-2026-49078 WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions...
PT-2026-49343
Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.13 Description An unauthenticated PHP Object Injection exists in the software. PHP Object Injection occurs when user-supplied input is passed to the PHP unserialize function without proper validation,...
PT-2026-49169
Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.7.11 Description An unauthenticated issue exists in the WP Travel Engine plugin that allows for an unspecified vulnerability type to be exploited without requiring user authentication. Recommendations Updat...
WordPress WP Travel Engine plugin <= 6.7.10 - Other Vulnerability Type vulnerability
Other Vulnerability Type vulnerability discovered by dodoh4t in WordPress Plugin WP Travel Engine versions <= 6.7.10...
WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin WP Travel Engine versions <= 6.7.12...
EUVD-2026-18983
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte_trip_tax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-2437
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte_trip_tax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-2437 WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte_trip_tax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-2437
The WP Travel Engine – Tour Booking Plugin for WordPress is affected by a Stored Cross‑Site Scripting (XSS) in the wte_trip_tax shortcode, impacting all versions up to and including 6.7.5. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabl...
CVE-2026-2437 WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wte_trip_tax' shortcode in all versions up to, and including, 6.7.5 due to insufficient input sanitization and output escaping on user supplied...